<?php
if(isset($_POST['uname']))
{
$uname=$_POST['uname'];
}
if(isset($_POST['pass']))
{
$pass=$_POST['pass'];
}
$pass=md5($pass);

if($uname=="" || $pass=="")
{
//header("location:adminloginform.php");
echo"$uname, $pass, is blank";
}
else
{

include"../includes/common.php";

$val=mysql_query("SELECT * FROM user WHERE uname='$uname' AND pass='$pass'");

$record=mysql_fetch_array($val,MYSQL_ASSOC);

if($record['uname']=="$uname" && $record['pass']=="$pass")
{
session_start();

$_SESSION['uname']=$uname;
header("location:index.php");
}
else
{
print "<table width=100% border=0 cellpadding=10 cellspacing=0 bgcolor=#FF6600 class=msg>
  <tr>
    <td align=center valign=middle>Access Denied ( Information not found ! )</br> </td>
  </tr>
  <tr>
    <td align=center valign=middle><form>
      <input name=button type=button onclick=history.go(-1);return false; value= &lt;--BACK>
    </form>
    </td>
  </tr>
</table>";
}
}
?>